author: security tracker role <sectracker@soriano.debian.org> 2020-02-21 20:10:17 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2020-02-21 20:10:17 +0000
commit: 7a61b273f4ac88cf360a583031d642aec8104968
tree: 92ff0a940059808cdd19300c4156714c4d146c60 /data/CVE
parent: 96e2e2fb08e3d40027948d3b19c0bc431998eaa7
automatic update
Diffstat (limited to 'data/CVE')
-rw-r--r-- data/CVE/2012.list 16
-rw-r--r-- data/CVE/2013.list 9
-rw-r--r-- data/CVE/2019.list 8
-rw-r--r-- data/CVE/2020.list 8
4 files changed, 17 insertions, 24 deletions
diff --git a/data/CVE/2012.list b/data/CVE/2012.list
index 4296776c81..9b685b2478 100644
--- a/data/CVE/2012.list
+++ b/data/CVE/2012.list
@@ -1101,8 +1101,8 @@ CVE-2012-6279
REJECTED
CVE-2012-6278
REJECTED
-CVE-2012-6277
- RESERVED
+CVE-2012-6277 (Multiple unspecified vulnerabilities in Autonomy KeyView IDOL before 1 ...)
+ TODO: check
CVE-2012-6276 (Directory traversal vulnerability in the web-based management interfac ...)
NOT-FOR-US: TP-LINK TL-WR841N
CVE-2012-6275 (Multiple stack-based buffer overflows in AntDS.exe in BigAntSoft BigAn ...)
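Review bot: CVE-2012-6277 now carries only "TODO: check", so the entry is published but untriaged. It needs either a package line or a NOT-FOR-US line in the style of the neighbouring CVE-2012-6276 entry before the TODO can be dropped; the description names Autonomy KeyView IDOL, which is the product string to check against the archive.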
@@ -13826,8 +13826,7 @@ CVE-2012-1095 (osc before 0.134 might allow remote OBS repository servers or pac
CVE-2012-1094
RESERVED
- libapache2-mod-cluster <itp> (bug #731410)
-CVE-2012-1093 [init script x11-common creates directories in insecure manner]
- RESERVED
+CVE-2012-1093 (The init script in the Debian x11-common package before 1:7.6+12 is vu ...)
- xorg 1:7.6+12 (bug #661627)
[squeeze] - xorg <no-dsa> (maintainer suggests no-dsa; confirm)
CVE-2012-1092
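Review bot: in the CVE-2012-1093 entry, the context line "[squeeze] - xorg <no-dsa> (maintainer suggests no-dsa; confirm)" still carries an open "confirm" now that the CVE has a published description. The new text ("before 1:7.6+12") agrees with the fixed version on the "- xorg 1:7.6+12" line, so the remaining action is to settle the squeeze decision and replace the parenthetical with the final reason.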
@@ -14415,8 +14414,7 @@ CVE-2012-0845 (SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.
- python2.6 2.6.8-0.1
- python2.5 <removed>
[squeeze] - python2.5 <no-dsa> (Minor issue)
-CVE-2012-0844
- RESERVED
+CVE-2012-0844 (Information-disclosure vulnerability in Netsurf through 2.8 due to a w ...)
- netsurf 2.8-2 (bug #659376)
CVE-2012-0843 (uzbl: Information disclosure via world-readable cookies storage file ...)
- uzbl 0.0.0~git.20111128-2 (bug #659379)
@@ -14458,8 +14456,7 @@ CVE-2012-0830 (The php_register_variable_ex function in php_variables.c in PHP 5
NOTE: http://thexploit.com/sec/critical-php-remote-vulnerability-introduced-in-fix-for-php-hashtable-collision-dos/
CVE-2012-0829 (Multiple cross-site request forgery (CSRF) vulnerabilities in Mibew Me ...)
NOT-FOR-US: Mibew Messenger
-CVE-2012-0828
- RESERVED
+CVE-2012-0828 (Heap-based buffer overflow in Xchat-WDK before 1499-4 (2012-01-18) xch ...)
- xchat <not-affected> (Only affects Xchat on Windows and Maemo)
CVE-2012-0827 (The File module in Drupal 7.x before 7.11, when using unspecified fiel ...)
- drupal7 7.11-1
@@ -16352,8 +16349,7 @@ CVE-2012-0064 (xkeyboard-config before 2.5 in X.Org before 7.6 enables certain X
[squeeze] - xorg-server <not-affected> (introduced in 1.11)
[lenny] - xorg-server <not-affected> (introduced in 1.11)
NOTE: actually unfixed in experimental, not marked because of version numbering
-CVE-2012-0063
- RESERVED
+CVE-2012-0063 (Insecure plugin update mechanism in tucan through 0.3.10 could allow r ...)
- tucan <unfixed> (bug #656388)
[squeeze] - tucan <no-dsa> (Minor issue)
CVE-2012-0062 (Red Hat JBoss Operations Network (JON) before 2.4.2 and 3.0.x before 3 ...)
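Review bot: for CVE-2012-0063, the package stays "<unfixed>" and squeeze stays "<no-dsa> (Minor issue)", a rating that was set while the entry was still RESERVED. With the description now reading "Insecure plugin update mechanism in tucan through 0.3.10", it is worth re-checking that "Minor issue" still matches the published text and adding a NOTE with the reasoning if it does.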
diff --git a/data/CVE/2013.list b/data/CVE/2013.list
index 7aa9f1303b..4c76472888 100644
--- a/data/CVE/2013.list
+++ b/data/CVE/2013.list
@@ -9100,8 +9100,7 @@ CVE-2013-4090 (Varnish HTTP cache before 3.0.4: ACL bug ...)
NOTE: https://varnish-cache.org/lists/pipermail/varnish-announce/2013-June/000684.html
CVE-2013-4089
RESERVED
-CVE-2013-4088 [Information Disclosure]
- RESERVED
+CVE-2013-4088 (Kernel/Modules/AgentTicketWatcher.pm in Open Ticket Request System (OT ...)
{DSA-2712-1}
- otrs2 3.2.8-1
[squeeze] - otrs2 2.4.9+dfsg1-3+squeeze4
@@ -10256,8 +10255,7 @@ CVE-2013-3589 (Cross-site scripting (XSS) vulnerability in the login page in the
NOT-FOR-US: Dell iDRAC6
CVE-2013-3588 (The web management interface on Zyxel P660 devices allows remote attac ...)
NOT-FOR-US: Zyxel
-CVE-2013-3587 [BREACH attack against HTTP compression]
- RESERVED
+CVE-2013-3587 (The HTTPS protocol, as used in unspecified web applications, can encry ...)
NOTE: not something we can concretely fix somewhere
NOTE: mitigations must be done in webapps
NOTE: http://web.archive.org/web/20160304210825/http://breachattack.com/
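Review bot: dropping "[BREACH attack against HTTP compression]" from the CVE-2013-3587 header removes the only plain-text mention of the attack name in this entry; after the change it survives only inside the archived URL. Suggest adding a line such as "NOTE: BREACH attack against HTTP compression" so that a search of the list for the name still finds the entry.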
@@ -10361,8 +10359,7 @@ CVE-2013-3553 (Nitro Pro 7.5.0.22 and earlier and Nitro Reader 2.5.0.36 and earl
NOT-FOR-US: Nitro Pro
CVE-2013-3552 (Nitro Pro 7.5.0.29 and earlier and Nitro Reader 2.5.0.45 and earlier a ...)
NOT-FOR-US: Nitro Pro
-CVE-2013-3551
- RESERVED
+CVE-2013-3551 (Kernel/Modules/AgentTicketPhone.pm in Open Ticket Request System (OTRS ...)
{DSA-2696-1}
- otrs2 3.2.7-1
[squeeze] - otrs2 <not-affected>
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index 11cb5799a4..3be57c8586 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -1617,10 +1617,10 @@ CVE-2019-19868
RESERVED
CVE-2019-19867
RESERVED
-CVE-2019-19866
- RESERVED
-CVE-2019-19865
- RESERVED
+CVE-2019-19866 (Atos Unify OpenScape UC Web Client 1.0 allows remote attackers to obta ...)
+ TODO: check
+CVE-2019-19865 (Atos Unify OpenScape UC Web Client 1.0 allows XSS. An attacker could e ...)
+ TODO: check
CVE-2019-19864
REJECTED
CVE-2019-19863
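Review bot: CVE-2019-19866 and CVE-2019-19865 are both added with "TODO: check" and both descriptions start with the same product, "Atos Unify OpenScape UC Web Client 1.0". They can be triaged together; whichever resolution is chosen (package line or NOT-FOR-US) should be applied to both so the pair does not end up inconsistent.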
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index 05f678c1b5..6646d1cc59 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -5210,10 +5210,10 @@ CVE-2020-6844 (In TopManage OLK 2020, login CSRF can be chained with another vul
NOT-FOR-US: TopManage
CVE-2020-6843 (Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 allows XSS. This i ...)
NOT-FOR-US: Zoho ManageEngine ServiceDesk Plus
-CVE-2020-6842
- RESERVED
-CVE-2020-6841
- RESERVED
+CVE-2020-6842 (D-Link DCH-M225 1.05b01 and earlier devices allow remote authenticated ...)
+ TODO: check
+CVE-2020-6841 (D-Link DCH-M225 1.05b01 and earlier devices allow remote attackers to ...)
+ TODO: check
CVE-2020-6840 (In mruby 2.1.0, there is a use-after-free in hash_slice in mrbgems/mru ...)
- mruby <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/mruby/mruby/issues/4927
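Review bot: CVE-2020-6842 and CVE-2020-6841 go from RESERVED to "TODO: check" with descriptions naming "D-Link DCH-M225 1.05b01 and earlier devices". The surrounding entries for vendor products (CVE-2020-6844, CVE-2020-6843) are resolved as NOT-FOR-US with the product name; these two need the same kind of explicit resolution rather than being left at TODO.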
